How to set secure web proxy (no password)

MST
Contributor

I am looking for a way to set secure web proxy HTTPS on specific wifi networks for example wifi_secure leaving others unchanged. Casper V9.97

Thank You,

7 REPLIES 7

bentoms
Release Candidate Programs Tester

@MST You can push the SSID's out via the JSS & define a proxy there.

MST
Contributor

Well, I would not do that since we use RAdius SSID, user use AD credentials. Ideally would be just add proxy to existing SSID leaving ethernet untouched, other SSIDs also untouched.

I have tried to use: JSS > Computers > Configuration Profiles > New+ > Proxies

But that does not work either for any type of network.

MST
Contributor

even if I change proxy manually for specific SSID that affects other SSID as well - I don't want to do that

MST
Contributor

I have found a script:

HARDCODED VALUES ARE SET HERE

networkInterface="Wi-Fi"
proxyAddress="lightspeed.mydomain.org"
port="8088"

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "networkInterface"

if [ "$4" != "" ] && [ "$networkInterface" == "" ];then networkInterface=$4
fi

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 5 AND, IF SO, ASSIGN TO "proxyAddress"

if [ "$5" != "" ] && [ "$proxyAddress" == "" ];then proxyAddress=$5
fi

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 6 AND, IF SO, ASSIGN TO "port"

if [ "$6" != "" ] && [ "$port" == "" ];then port=$6
fi

########################################################################################

# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE

########################################################################################

if [ "$networkInterface" == "" ]; then echo "Error: No network interface has been specified." exit 1
fi

if [ "$proxyAddress" == "" ]; then echo "Error: No proxy address has been specified." exit 1
fi

if [ "$port" == "" ]; then echo "Error: No port was specified." exit 1
fi

OS=/usr/bin/defaults read /System/Library/CoreServices/SystemVersion ProductVersion | awk '{print substr($1,1,4)}'

if [[ "$OS" < "10.5" ]]; then echo "Setting web proxy for OS $OS..." /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -setwebproxy "$networkInterface" "$proxyAddress" "$port"
else echo "Setting web proxy for OS $OS..." /usr/sbin/networksetup -setsecurewebproxy "$networkInterface" "$proxyAddress" "$port"
fi

but have error when running it:

Script result: Setting web proxy for OS 10.1...
/Library/Application Support/JAMF/tmp/securewebproxy.sh: line 135: /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup: No such file or directory
Error running script: return code was 127.

MST
Contributor

above script is garbage, so I have used this one:

networkInterface="Wi-Fi"
AutoProxyDiscovery="lightspeed.mydomain.org"
port="8888"

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "networkInterface"

if [ "$4" != "" ] && [ "$networkInterface" == "" ];then networkInterface=$4
fi

CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 5 AND, IF SO, ASSIGN TO "AutoProxyDiscovery"

if [ "$5" != "" ] && [ "$AutoProxyDiscovery" == "" ];then AutoProxyDiscovery=$5
fi

########################################################################################

# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE

########################################################################################

if [ "$networkInterface" == "" ]; then echo "Error: No network interface has been specified." exit 1
fi

if [ "$AutoProxyDiscovery" == "" ]; then echo "Error: No setting been specified." exit 1
fi

echo "Setting web proxy for OS $OS..." /usr/sbin/networksetup -setsecurewebproxy "$networkInterface" "$AutoProxyDiscovery" "$port"

the only problem is if I would like to add another wifi ssid that adds proxy as well, in case of taking laptop to home that would be an issue

I believe there is a way to fix that

MST
Contributor

Anybody?

mike_pinto
New Contributor III

@MST Maybe a policy triggered by network change that will only apply the proxy if attached to this specific SSID (airport -I)? Or added logic to ping a host on the network beforehand?